mapbox-search-android
Create codeql.yml
Enable CodeQL
You have successfully added a new CodeQL configuration /language:python. As part of the setup process, we have scanned this repository and found no existing alerts. In the future, you will see all code scanning alerts on the repository Security tab.
@DzmitryFomchyn, do you know how to set up CodeQL for Java for this repo? It failed to auto scan.
@ThibaudLopez it seems that the error is "SDK Registry token is not specified.", which comes from here. We need a few more tokens to build the SDK (more information).
@DzmitryFomchyn, do you know how to do the setup?
see https://github.com/mapbox/mapbox-navigation-android/pull/7048 for example of CodeQL setup for Kotlin
Seems to be way outdated
re-opening... we still need code scanning for this repo
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
@ThibaudLopez It's broken in its current form. CI/CD didn't pass.
@eugenes78, correct, CodeQL is not yet set up to build the Java project of this repo as the CodeQL auto-build doesn't succeed. We need somebody that's familiar with how to build this repo to please set up the CodeQL YAML to do the same build.
@ThibaudLopez Are you making progress on this one? It's open for more than a year already...
@eugenes78 ,
Are you making progress on this one? It's open for more than a year already...
No, we've been needing help for a year, somebody familiar with how to build this repo, then put those instructions in the CodeQL YAML. If needed, we can close this PR and leave this repo without code scanning. We can try the other code scanning (we can follow up internally).
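The change the thread keeps asking for, replacing the failing auto-build with explicit build steps and passing the registry token as a secret, would look roughly like the sketch below. It is an added example, not this repository's workflow or anything posted in the PR. The secret and environment variable name, the Gradle task, the JDK version and the branch name are placeholders or assumptions to be swapped for whatever the repo's build actually uses.

```yaml
# Added example: CodeQL for Java/Kotlin with a manual build instead of autobuild.
# Every value marked PLACEHOLDER or "assumed" is an assumption, not taken from the repo.
name: CodeQL (manual build)

on:
  push:
    branches: [main]          # assumed default branch name
  schedule:
    - cron: "0 6 * * 1"       # weekly scan of the default branch
  # Workflows triggered by pull requests from forks do not receive repository
  # secrets, so the build step below would fail there with the same
  # missing-token error seen in this thread.

permissions:
  contents: read              # least privilege by default

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # needed to upload code scanning results
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "17"  # assumed; use the JDK the project builds with

      - uses: github/codeql-action/init@v3
        with:
          languages: java-kotlin
          build-mode: manual  # CodeQL traces the build commands that follow

      - name: Build with the registry token
        env:
          # PLACEHOLDER: use the variable name the build script actually reads
          PLACEHOLDER_SDK_REGISTRY_TOKEN: ${{ secrets.PLACEHOLDER_SDK_REGISTRY_TOKEN }}
        run: ./gradlew assembleDebug --no-daemon   # PLACEHOLDER task

      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:java-kotlin"
```

The token is scoped to the single build step rather than the whole job, so the CodeQL init and analyze actions never see it.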